US Cable Support > Comcast HSI > Odd log message

Odd log message

Mar 23 15:33:29 firewall rtadvd[21401]: received RA from fe80::1edf:fff:fe02:28e2 on non-advertising interface(em0)

Mar 23 15:33:32 firewall rtadvd[21401]: received RA from fe80::1edf:fff:fe02:28e2 on non-advertising interface(em0)

Mar 23 15:33:35 firewall rtadvd[21401]: received RA from fe80::1edf:fff:fe02:28e2 on non-advertising interface(em0)

Mar 23 15:33:38 firewall rtadvd[21401]: received RA from fe80::1edf:fff:fe02:28e2 on non-advertising interface(em0)

Mar 23 15:33:41 firewall rtadvd[21401]: received RA from fe80::1edf:fff:fe02:28e2 on non-advertising interface(em0)

Mar 23 15:33:53 firewall last message repeated 4 times

Mar 23 15:33:56 firewall rtadvd[21401]: received RA from fe80::1edf:fff:fe02:28e2 on non-advertising interface(em0)

Mar 23 15:33:59 firewall rtadvd[21401]: received RA from fe80::1edf:fff:fe02:28e2 on non-advertising interface(em0)

Mar 23 15:34:02 firewall rtadvd[21401]: received RA from fe80::1edf:fff:fe02:28e2 on non-advertising interface(em0)

Mar 23 15:34:35 firewall last message repeated 11 times

Mar 23 15:35:38 firewall last message repeated 21 times

Mar 23 15:35:41 firewall rtadvd[21401]: received RA from fe80::1edf:fff:fe02:28e2 on non-advertising interface(em0)

Mar 23 15:37:05 firewall rtadvd[4691]: received RA from fe80::1edf:fff:fe02:28e2 on non-advertising interface(em0)

I get the same thing flooding my log, making it essentially useless. It has always done this ever since I activated IPv6. My "last message repeated times" runs 150-180.

I have no idea why it does this and the support forum for the firewall has not helped.

My router is a m0n0wall, what is yours? m0n0wall or pfsense or ?

*Edit* I believe I found what it is: It is an Internet Control Message Protocol version 6 (ICMPv6) "Router Advertisement" packet

rtadvd is the RouTerADVertisementDaemon

From the Neighbor Discovery Protocol Wikipedia entry:

1.Router Solicitation - used by hosts to locate routers on an attached link.[Definitions 1] Nodes which forward packets not addressed to them generate Router Advertisements immediately upon receipt of this message rather than at their next scheduled time.
2.Router Advertisement - used by routers to advertise their presence together with various link and Internet parameters either periodically, or in response to a Router Solicitation message

You're on your own after that heh. Took me a bit to find that and I'm tired.

Thanks, but I already know what they are.

What I don't understand is why they are flooding my log and what I can do to get it stopped or ignored without logging.

reply to MisterP
Thanks, I know what the rtadvd packet is, as I run rtadvd for my internal network to mete out IPv6 addresses.

I just don't know why I am seeing those packets coming in from the cable modem.

reply to graysonf

Mine look like this:

rtadvd[214]: received RA from fe80::201:5cff:fe22:c9c1 on non-advertising interface(fxp1)

fe80::201:5cff:fe22:c9c1 listed by the firewall as my WAN IPv6 gateway address.

My WAN IPv6 gateway has a 2001:470:... tunnel broker prefix. I don't see any host in the routing table with the fe80::1edf:fff:fe02:28e2 IP address.

btw, here's the log since midnight: (looks like a hit every three seconds)

Mar 24 00:03:04 firewall rtadvd[30037]: received RA from fe80::1edf:fff:fe02:28e2 on non-advertising interface(em0)
Mar 24 00:03:34 firewall last message repeated 10 times
Mar 24 00:05:34 firewall last message repeated 40 times
Mar 24 00:15:35 firewall last message repeated 200 times
Mar 24 00:25:36 firewall last message repeated 200 times
Mar 24 00:35:34 firewall last message repeated 199 times
Mar 24 00:45:35 firewall last message repeated 200 times
Mar 24 00:55:37 firewall last message repeated 200 times
Mar 24 01:05:38 firewall last message repeated 200 times
Mar 24 01:15:36 firewall last message repeated 199 times
Mar 24 01:25:37 firewall last message repeated 200 times
Mar 24 01:35:38 firewall last message repeated 200 times
Mar 24 01:45:36 firewall last message repeated 199 times
Mar 24 01:55:37 firewall last message repeated 200 times
Mar 24 02:05:38 firewall last message repeated 200 times
Mar 24 02:15:39 firewall last message repeated 200 times
Mar 24 02:25:37 firewall last message repeated 199 times
Mar 24 02:35:38 firewall last message repeated 200 times
Mar 24 02:45:39 firewall last message repeated 200 times
Mar 24 02:55:40 firewall last message repeated 200 times
Mar 24 03:05:38 firewall last message repeated 199 times
Mar 24 03:15:39 firewall last message repeated 200 times
Mar 24 03:25:40 firewall last message repeated 200 times
Mar 24 03:35:38 firewall last message repeated 199 times
Mar 24 03:45:39 firewall last message repeated 200 times
Mar 24 03:55:40 firewall last message repeated 200 times
Mar 24 04:05:42 firewall last message repeated 200 times
Mar 24 04:15:40 firewall last message repeated 199 times
Mar 24 04:25:41 firewall last message repeated 200 times
Mar 24 04:35:42 firewall last message repeated 200 times
Mar 24 04:45:40 firewall last message repeated 199 times
Mar 24 04:55:41 firewall last message repeated 200 times
Mar 24 05:05:42 firewall last message repeated 200 times
Mar 24 05:15:43 firewall last message repeated 200 times
Mar 24 05:25:41 firewall last message repeated 199 times
Mar 24 05:35:42 firewall last message repeated 200 times
Mar 24 05:45:43 firewall last message repeated 200 times
Mar 24 05:55:41 firewall last message repeated 199 times
Mar 24 06:05:42 firewall last message repeated 200 times
Mar 24 06:15:43 firewall last message repeated 200 times
Mar 24 06:25:44 firewall last message repeated 200 times
Mar 24 06:35:42 firewall last message repeated 199 times
Mar 24 06:45:43 firewall last message repeated 200 times
Mar 24 06:55:44 firewall last message repeated 200 times
Mar 24 07:05:46 firewall last message repeated 200 times
Mar 24 07:15:44 firewall last message repeated 199 times
Mar 24 11:32:20 firewall last message repeated 200 times
Mar 24 11:42:21 firewall last message repeated 200 times
Mar 24 11:52:19 firewall last message repeated 199 times
Mar 24 12:02:20 firewall last message repeated 200 times
Mar 24 12:08:27 firewall last message repeated 122 times

reply to camper
I have logs going back to midnight March 17, 2013. The following is the first occurrence that I see in the logs:

Mar 20 12:00:59 firewall rtadvd[6348]: received RA from fe80::1edf:fff:fe02:28e2 on non-advertising interface(em0)

reply to camper
fe80::1edf:fff:fe02:28e2 is a local link address somewhere.

I don't see the offending address in my routing table either.

Have you tried asking on any of the NetBSD mail lists or forums?

Also, I think that if you are seeing this stuff you could probably be using Comcast native IPv6. Have you tried it yet or do you just prefer an HE tunnel?

Every few days, I fire up dhclient6 to see if I can get a prefix delegation, but no luck. That was my first thought, that Comcast was starting to enable IPv6 here.

I'd prefer to move over to Comcast native IPv6 when it becomes available. The he.net tunnel has been good to me, quite fast (faster and more reliable than Comcast's IPv4 when watching youtube videos), and I can't argue about the cost. But it is a layer of distraction compared to native Comcast IPv6.

Are you sure you really can't get native IPv6? I thought they were very well along rolling it out by now.

Am I sure? no. Am I fairly sure? yes.

(unless you count a toredo (or is it a 6to4) tunnel that I get when I connect a Windows XP notebook directly to the cable modem.)

I've not heard of anyone who has IPv6 in this area yet.

I checked a little while ago, still no response to dhclient6 requests for PD, and those rtadvd packets do not result in an IPv6 address.

Just as suddenly as they started, the rtadvd packets have stopped at 14:26 this afternoon.

No entries in the log since then. {shrug}

I wish that were true here. I'd be willing to bet that once you are native IPv6 they will return.

reply to camper
Send me your HFC (RF) cable modem mac, I would like to take a look at the CMTS that services your area.. Most likely they are enabling interfaces for v6. Once they apply the config your going to see RA's but the DHCPv6 server isn't giving out v6 till we are ready.

Is there anything Comcast is doing that is causing these messages to flood my log?

This is the second BSD based firewall that is reporting this so I know it isn't just me.

The logging level is not user settable.

The gist of the problem appears to me to be that RAs are arriving on an interface (WAN) that are unable to make use of them (non-advertising interface), thus triggering the log event.